The developers behind the privacy-oriented cryptocurrency monero (XMR), currently the 10th-largest digital asset, have announced that they have fixed a severe vulnerability. Had hackers found it first, the bug could have been used to cause significant damage to crypto exchanges and online merchants accepting payments in XMR.
Reportedly, the bug was discovered after a community member described a hypothetical attack on the monero subreddit. The flaw, found in the wallet software, would have potentially allowed a user to “burn” XMR by sending multiple payments to the same stealth address. For those unfamiliar with the term, a stealth address is a payment proxy that adds an extra layer of privacy. The user sending the crypto can transfer it to a stealth address, which then re-routes the funds to the intended real address.
The official blog post shed some light on how the vulnerability could have been exploited, saying that, “An attacker first generates a random private transaction key. Thereafter, they modify the code to merely use this particular private transaction key, which ensures multiple transactions to the same public address (e.g. an exchange’s hot wallet) are sent to the same stealth address. Subsequently, they send, say, a thousand transactions of 1 XMR to an exchange. Because the exchange’s wallet does not warn for this particular abnormality (i.e. funds being received on the same stealth address), the exchange will, as usual, credit the attacker with 1000 XMR.”
Basically, after sending 1 XMR a thousand times, the attacker would receive an equivalent amount of another crypto, for example BTC. The exchange, running the defective Monero code, would pay out bitcoin for all 1000 transactions but would later be able to validate only the first transaction, with the rest of the funds invalidated after the expiration of the stealth addresses.
This could have resulted in massive losses for the exchanges but luckily the Monero devs have already implemented a fix, releasing the v.0.12.3.0 patch earlier today. The bug did not affect the XMR protocol or the coin supply.
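The missing check described above, a warning when funds arrive on a stealth address that has already received a payment, can be sketched on the receiving side as follows. This is an added example, not code from the Monero project or from the original article; the `IncomingOutput` and `DepositLedger` names, the record layout and the sample deposits are all constructed for illustration.

```python
from dataclasses import dataclass, field

XMR = 10**12  # atomic units in 1 XMR

@dataclass(frozen=True)
class IncomingOutput:          # hypothetical record an exchange keeps per deposit
    txid: str                  # constructed transaction id
    index: int                 # position of the output inside the transaction
    stealth_address: str       # one-time output public key, hex
    amount: int                # atomic units

@dataclass
class DepositLedger:           # hypothetical deposit handler
    first_seen: dict = field(default_factory=dict)  # stealth address -> (txid, index)
    credited: int = 0
    alerts: list = field(default_factory=list)

    def process(self, out: IncomingOutput) -> bool:
        """Credit an output once; flag any other output on the same stealth address."""
        ident = (out.txid, out.index)
        owner = self.first_seen.get(out.stealth_address)
        if owner == ident:
            return False       # same output seen again (e.g. a rescan): no credit, no alert
        if owner is not None:
            # A different output reuses an already-credited stealth address.
            # Only one such output can later be spent, so do not credit this one.
            self.alerts.append((out.txid, out.stealth_address, owner[0]))
            return False
        self.first_seen[out.stealth_address] = ident
        self.credited += out.amount
        return True

def demo() -> DepositLedger:
    ledger = DepositLedger()
    # Constructed sample: 1000 deposits of 1 XMR that all reuse one stealth
    # address, followed by one ordinary 5 XMR deposit on a fresh address.
    deposits = [IncomingOutput(f"tx{i:04d}", 0, "aa" * 32, 1 * XMR) for i in range(1000)]
    deposits.append(IncomingOutput("tx-normal", 0, "bb" * 32, 5 * XMR))
    for d in deposits:
        ledger.process(d)
    ledger.process(deposits[0])  # rescan of the first deposit changes nothing
    return ledger

if __name__ == "__main__":
    result = demo()
    print(f"credited {result.credited // XMR} XMR, {len(result.alerts)} duplicates flagged")
```

With this check in place, the thousand-deposit scenario from the blog post credits 1 XMR instead of 1000 and leaves 999 alerts for review.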
It is not the first time that Monero has been a subject of controversy. The anonymous digital currency has long been favoured by hackers and other bad actors, and we have already reported that malicious XMR mining software was detected on Apple’s Mac computers earlier this year.
However, even the mighty bitcoin is not safe against similar incidents. Last week, BTC developers reported detecting a bug that would have allowed malicious miners to artificially inflate the supply of bitcoin through a double spend transaction.